Pulse Detail — Threat Intelligence

PULSE NAME

复制Poison Ivy IOC 检测威胁防御能力

WHITE Watering Hole zxt841104 2023-11-15 Modified: 2023-11-15

IOCs

MEDIUM VOLUME

↓ CSV ↓ JSON

复制Poison Ivy IOC 检测威胁防御能力

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1095 T1566 T1176 T1030 T1560 T1123 T1003 T1140 T1083 T1055

MALWARE FAMILIES

menuPass Poison Ivy

Indicators of Compromise (43)

All URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	http://debugger.immunityinc.com/.	—	2023-11-15
URL	http://www.truesec.se/sakerhet/verktyg/saakerhet/gsecdump_v2.0b5	—	2023-11-15
URL	https://www.volatilesystems.com/default/volatility.	—	2023-11-15
URL	https://www.volatilesystems.com/default/volatility.19	—	2023-11-15
domain	2012yearleft.com	—	2023-11-15
domain	byinter.net	—	2023-11-15
domain	cmdnetview.com	—	2023-11-15
domain	have8000.com	—	2023-11-15
domain	ntdetect.com	—	2023-11-15
domain	xicp.net	—	2023-11-15
hostname	3q.wubangtu.info	—	2023-11-15
hostname	a.wubangtu.info	—	2023-11-15
hostname	apple.cmdnetview.com	—	2023-11-15
hostname	autuo.xicp.net	—	2023-11-15
hostname	av.ddns.us	—	2023-11-15
hostname	ct.toh.info	—	2023-11-15
hostname	debugger.immunityinc.com	—	2023-11-15
hostname	dedydns.ns01.us	—	2023-11-15
hostname	e.ct.toh.info	—	2023-11-15
hostname	fbi.zyns.com	—	2023-11-15
hostname	jj.mysecondarydns.com	—	2023-11-15
hostname	js001.3322.org	—	2023-11-15
hostname	kr.iphone.qpoe.com	—	2023-11-15
hostname	maofajapa.3322.org	—	2023-11-15
hostname	mf.ddns.info	—	2023-11-15
hostname	microsofta.byinter.net	—	2023-11-15
hostname	microsoftb.byinter.net	—	2023-11-15
hostname	microsofte.byinter.net	—	2023-11-15
hostname	mongoles.3322.org	—	2023-11-15
hostname	ngcc.8800.org	—	2023-11-15
hostname	nkr.iphone.qpoe.com	—	2023-11-15
hostname	send.have8000.com	—	2023-11-15
hostname	sh.chromeenter.com	—	2023-11-15
hostname	tw.2012yearleft.com	—	2023-11-15
hostname	webserver.fartit.com	—	2023-11-15
hostname	webserver.freetcp.com	—	2023-11-15
hostname	weile3322b.3322.org	—	2023-11-15
hostname	www.poisonivy-rat.com	—	2023-11-15
hostname	www.truesec.se	—	2023-11-15
hostname	www.volatilesystems.com	—	2023-11-15
hostname	www.webserver.dynssl.com	—	2023-11-15
hostname	www.webserver.fartit.com	—	2023-11-15
hostname	www.webserver.freetcp.com	—	2023-11-15

References (1)

↗ https://www.mandiant.com/sites/default/files/2021-09/rpt-poison-ivy.pdf